NEW DELHI: “This is good for Aadhaar and good for people,” Unique Identification Authority of India (UIDAI) chief executive Ajay Bhushan Pandey told ET on the amendments proposed by the Justice Srikrishna Committee in its report on data protection.

Pandey, who was also part of the committee, said the amendments would be a “substantial enhancement” to the security and privacy of Aadhaar data. The committee has proposed giving UIDAI enforcement powers like those of other regulatory bodies, along with the power to impose civil penalties, which will add more teeth to the agency that manages the Aadhaar data.

“If there are provisions for privacy and data protection, there also has to be enforcement of those provisions. You cannot enforce the requirements of privacy without enforcement powers,” Pandey said.

He also welcomed the new provision of ‘offline verification’ proposed by the committee, under which Aadhaar holders do not have to disclose their Aadhaar number for routine transactions. “This will have two advantages – one, in remote areas where there is a problem of connectivity and because of that if there was some authentication failure, services can be given through offline verification. It will help people. Also, everyone does not go through online authentication, especially with those private entities which are not mandated under the law – if they want to verify someone’s identity, they can do it offline,” Pandey told ET.

The committee in its report recommended two amendments to the Aadhaar Act. Under the newly proposed regulatory powers, UIDAI can conduct inquiries and impose a civil penalty of up to Rs 1 crore on any entity that violates the Aadhaar Act, besides having powers of search, seizure and requisitioning the help of the police to stop such a violation.

The committee has proposed raising the maximum jail sentence for illegally accessing Aadhaar data from UIDAI’s Central Identities Data Repository from three years at present to ten years. Also, 3-10 years in jail will be the punishment for unauthorised use of Aadhaar biometric information, and a maximum of three years in jail is proposed for those collecting Aadhaar information without the holder’s consent or publishing or publicly displaying any Aadhaar numbers.

The other proposed amendment aims to limit the collection of personal data to what is necessary for processing, and to that end classifies requesting entities into two kinds. The first kind can request authentication if it is mandated by a law made by Parliament or if the entity performs a public function approved by UIDAI. Even these entities can be further classified into those that accept only the virtual ID, an alias of the Aadhaar number, and those that can directly access Aadhaar, the committee has said.

The second category of entities will be those that do not perform a public function but ask for Aadhaar to ascertain identity. “This represents a significant privacy concern,” the committee said, proposing only the offline verification facility for such entities.

“The proposed changes will be instrumental in addressing significant privacy concerns that have been raised relating to the Aadhaar framework,” the report said.